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What is claimed is: 

CLAIMS 

\ A method for content access control operative to enable authorized 

devices to access protected content and to prevent unauthorized devices from 
acceding protected content, the method comprising: 

\ providing a plurality of authorized devices; 

dividing the plurality of authorized devices into a plurality of 
groups, eacnSpf the plurality of authorized devices being comprised in at least one 
of the plurality^ of groups, no two devices of the plurality of authorized devices 
being comprisedVi exactly the same groups; 

determining whether at least one device of the plurality of 
authorized devices is to be prevented from having access to the protected content 
and, if at least one deviceyis to be prevented, removing all groups comprising the at 
least one device from the murality of groups, thus producing a set of remaining 
groups; and \ 

determining an authorized set comprising groups from the set of 
remaining groups, such that eachXdevice of the plurality of authorized devices 
which was not determined, in the determining whether step, to be prevented from 
having access is comprised in at least onfe group of the authorized set. 

2. A method according to claim iVnd also comprising: 

assigning, to each one of the plurality of authorized devices, a set of 
keys comprising one group key for each groupXof which the one device is a 
member; and \ 

utilizing at least some of the group keys for communication of a 
content decryption key to at least one of the plurality of aiMiorized devices. 

3. A method according to claim 2 and whereiiiVthe utilizing step 
comprises, for each of the plurality of authorized devices: \ 

obtaining the content decryption key, wherein the obtaining 
comprises performing no more than a predetermined number of decryptrons. 
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4c A method according to claim 2 and wherein the utilizing step 

cor^prises, for each of the plurality of authorized devices: 

\ obtaining the content decryption key, wherein the obtaining 

comprises performing exactly one decryption. 

5. method according to claim 2 and also comprising: 

attach authorized device having access to the protected content, 
performing no mork than a predetermined number of decryption operations, said 
predetermined numbet: being the same for all authorized devices, to obtain the 
content decryption key from an encrypted form thereof, said encrypted form being 
encrypted with a group key corresponding to a group of which said authorized 
device is a member. \ 

6. A method accordingvto claim 5 and wherein said predetermined 
number does not depend on the number of authorized devices. 

7. A method according to clairn 5 and wherein said predetermined 
number is equal to 1 . \ 

8. A method according to claim 2 and also comprising the step of: 

at at least one of the authorized devices^^using the group key of the 
set of keys corresponding to the group of which the^ authorized device is a 
member. \ 

9. A method according to claim 2 and wherein eacnSgroup key of the 
set of keys is assigned an initial value, and said initial value can not^be changed. 

10. A method according to claim 1 and wherein the autnorized set 
comprises a plurality of maximal groups from the set of remaining grouW such 
that each maximal group is not a subset of any one of the set of remaining groups. 
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1\. A method according to claim 1 wherein the determining whether 

stejXcomprises receiving an identification of the at least one device. 



A 



12. \ A method according to claim 1 and wherein each two devices of the 
plurality of^authorized devices have at least one group key in common. 

13. Amethod according to claim 1 and wherein at least some of the 
authorized devicesvare not in communication with a central authorization facility 
after an initial manuikcturing period. 



14. A method for preventing a plurality of devices, chosen from among 
a plurality of authorized advices, from having access to protected content, the 
method comprising: 

distributing a prot'bicted content access key independently encrypted 
with each group key of a set of group keys, wherein none of a plurality of devices 
to be prevented from having access touprotected content are members of any group 
associated with any of the set of group R^eys. 

15. A method according to claim\4 and wherein each group key of the 
set of group keys has an initial value, and the if\itial value can not be changed. 

16. A method according to claim 14 and'^lso comprising: 
at each authorized device having acc^s to the protected content, 

performing no more than a predetermined number of decryption operations, said 
predetermined number being the same for all authorizeld devices, to obtain the 
protected content access key from an encrypted form thereof said encrypted form 
being encrypted with a group key corresponding to a grc^up of which said 
authorized device is a member. 



17. A method according to claim 16 and wherein said predetermined 

number does not depend on the number of authorized devices. 
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\S, A method according to claim 17 and wherein said predetermined 

nmnber is equal to 1 . 

19. \ A method according to claim 2 and also comprising: 

\ generating each of said group keys as a plurality of independently 



generated\sets of group keys, wherein no group key of any one independently 
generated set is based, even in part, on any key of any other independently 
generated set\ 

20. A method according to claim 14 and also comprising: 
generating each of said group keys as a plurality of independently 

generated sets of grocm keys, wherein no group key of any one independently 
generated set is based,\even in part, on any key of any other independently 
generated set. \ 

21. A method accoraiiig to claim 2 and also comprising: 

generating each oAsaid group keys as a plurality of independently 
generated sets of group keys, wherein each group key is based, at least in part, 
pseudo-randomly on a source key. \ 

22. A method according to clairrkM and also comprising: 
generating each of said groupNkeys as a plurality of independently 

generated sets of group keys, wherein each group key is based, at least in part, 
pseudo-randomly on a source key. \ 

23. A method according to claim 2 and also CK)mprising: 

dividmg the plurality of groups into a hierarchical set of groups, 
said hierarchical set of groups comprising a plurality of groWps comprising at least 
a first group and a second group, each of said first group and said second group 
being associated with first and second group key generiation information 
respectively; and \ 
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\ generating a least one group key in each of said first group and said 

seoond group using said associated group key generation information, wherein 

\ said second group key generation information can be derived from 

said first group key generation information. 

24. \ A method according to claim 14 and also comprising. 

\ dividing the plurality of groups into a hierarchical set of groups, 
said hierarchies set of groups comprising a plurality of groups comprising at least 
a first group ancKa second group, each of said first group and said second group 
being associated V/ith first and second group key generation information 
respectively; and \ 

generating a least one group key in each of said first group and said 
second group using said associated group key generation information, wherein 

said second ^oup key generation information can be derived from 
said first group key generationsinformation. 

25. A method according\o claim 23 and wherein said second group is a 
subgroup of said first group. \ 

23 and wherein said first group key 
Dm said second group key generation 

27. A method according to claim 23 aKd wherein at least one of said 
first group key generation information and said second group key generation 
information is embedded in at least one removable security device. 

28. A method according to claim 27 and wherein said at least one 
removable security device comprises, for at least one of said ftrst group and said 
second group, a plurality of removable security devices. \ 





A method according to claV 
generation information can not be derived 
information. 
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2^?. A method according to claim 28 and wherein at least a 

pre\letermined portion of said plurality of removable security devices is required 
for d\termining the associated group key generation information. 



30. 



A security element comprising: 

a secret store operative to store a secret s; 

first output path for outputting s; and 
a\econd output path for outputting f(s), where f is a function, 
wherein said first output path is functional only during a first period. 



31. Apparatus according to claim 30 and wherein f=g(x), where x is an 
input value. 

32. Apparatus according to claim 30 and wherein the first period 
continues until the first outpu\path has been used a predetermined number of 
times. 

33. Apparatus according toNclaim 30 and wherein the first output path is 
functional for a predefined period of tir 

34. Apparatus according to claim\30 and wherein the first output path is 
functional until a first predefined command isVeceived by the security element. 

35. Apparatus according to claim 30 ancl wherein the first period begins 
upon receipt of a second predefined command by the\security element. 



36. Apparatus according to claim 34 and als\ comprising an external 

communication module, and 

wherein at least one of the following is received from a source 
external to the security element, via the external communication module: the first 
predefined command; and the second predefined command. \ 
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3\ Apparatus according to claim 30 and wherein the security element 

comprises; 

a secret derivation unit operative to derive the secret s from a 
supplied\nput. 

38. \ Apparatus according to claim 37 and wherein the secret derivation 
unit is operative to derive the secret s from the supplied input based, at least in 
part, on pseudo-ri^dom generation, 

39. Apparatus according to claim 37 and wherein the supplied input is 
supplied by a key escrow unit external to the security element. 

40. Apparatus according to claim 30 and wherein the secret s is supplied 
by a key escrow unit external tosihe security element. 

41. Apparatus according lo claim 30 and wherein the security element 
functions as a key escrow component. 

42. A system for content accessVontrol operative to enable authorized 
devices to access protected content and to prevent unauthorized devices from 
accessing protected content, the system comprisn: 

grouping apparatus operative to d^Yide a plurality of authorized 
devices into a plurality of groups, each of the pluralit\ of authorized devices being 
comprised in at least one of the plurality of groups, no tWo devices of the plurality 
of authorized devices being comprised in exactly the sameVroups; 

prevention determination apparatus operative \o determine whether 
at least one device of the plurality of authorized devices is toS^e prevented from 
having access to the protected content and, if at least one device isyto be prevented, 
to remove all groups comprising the at least one device from th^ plurality of 
groups, thus producing a set of remaining groups, and 

authorized set determination apparatus operative to det^mine an 
authorized set comprising groups from the set of remaining groups, such that each 
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svice of the plurality of authorized devices which was not determined, in the 
derermining whether step, to be prevented from having access is comprised in at 
least lone group of the authorized set. 

43. \ A system according to claim 42 and also comprising: 
key assignment apparatus operative to assign, to each one of the 

plurality of ^thorized devices, a set of keys comprising one group key for each 
group of whicnythe one device is a member; and 

utilization apparatus operative to utilize at least some of the group 
keys for communication of a content decryption key to at least one of the plurality 
of authorized devicesS 

44. A method lor black box analysis of a device capable of accessing 
protected content, the method comprising: 

providing a device to be analyzed; 

inputting to the aevice a data item comprising encrypted protected 
content and a plurality of encrypted versions of a content key for accessing the 
protected content, each of the plurahty of encrypted versions being encrypted in 
accordance with a different one of a plWality of group keys; 

receiving, from the de^ce, decrypted content representing a 
decryption of the protected content; 

determining whether the received content is one of the following: 
erroneous; and null, and producing a result; 

identifying a set of group keys coViprising at least one group key 
which is known to the device based, at least in part, cm the result, 

wherein the data item also comprises at least one invalid content key 
encrypted in accordance with one of the plurality of group) keys. 

45. A method for black box analysis of a device\apable of accessing 
protected content, the method comprising: 

providing a device to be analyzed; 
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49. A method according to claim 44 and wherein the identifying step 
comprises ia^R^fying a group key which is not one of the pluraHty of group keys 
with which the invMidcontent key is encrypted. 

50. A method according to cfekn 44 and wherein the identifying step comprises 
identifying a group key which is one oF-^tJie plurality of group keys with which the 
invalid content key is encrypted. 
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